Security News
WireGuard has yet to arrive in the Linux kernel, but you can still start testing how this new feature will work.
Endpoint security firm Malwarebytes has launched a new VPN offering targeting work from home and consumer markets, featuring AES 256 encryption, WireGuard VPN protocol, no logging, and virtual servers in more than 30 different countries. Santa Clara, CA-based Malwarebytes has introduced Malwarebytes Privacy, a VPN it promises will be the first of an emerging suite of privacy products.
Google has made available BeyondCorp Remote Access, a cloud-based, zero trust service that allows employees, contractors and partners to securely access specific corporate resources from untrusted networks without having to use the company's VPN. The goal is to help companies with a suddenly massive remote workforce from overburdening the company's VPN infrastructure. BeyondCorp Remote Access is a subscription-based service that is available through Google Cloud.
"Extending VPN to new users and use cases helps solve some immediate problems of isolation and segmentation. It also comes under immediate pressure, as organizations see VPN access capacity straining under a scale of remote work until now unforeseen." NS1 Managed DNS, when used to direct VPN users, improves the experience for remote employees by intelligently and dynamically steering traffic to the optimal VPN access points for reliable, frictionless connectivity.
The tool is called "BeyondCorp" and the search'n'ad giant deployed it in 2011 to provide access to its own web apps. Google decided to launch the tool now because it thinks organisations scrambling to deliver apps to suddenly remote workers will appreciate an approach it promises is faster than rolling out a VPN, according to Sunil Patti, general manager and veep of Google's cloud security business.
Patching vulnerable enterprise VPNs from Pulse Secure is not enough to keep out malicious actors who have already exploited a vulnerability, the U.S. Cybersecurity and Infrastructure Security Agency warns. In August last year, Pulse Secure said that a majority of customers had installed the fixes released in April, but CISA now says that patching alone might not be enough to ensure the security of affected systems.
The Department of Homeland Security is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN. DHS warns that the Pulse Secure VPN patches may have come too late. "CISA strongly urges organizations that have not yet done so to upgrade their Pulse Secure VPN to the corresponding patches for CVE-2019-11510," according to CISA's alert.
The United States Cybersecurity and Infrastructure Security Agency yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution vulnerability in Pulse Secure VPN servers-even if they have already patched it. The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability.
Google has removed an Android VPN program from the Google Play store after researchers notified it of a critical vulnerability. VPNpro, a company that reviews and advises on VPN products, warned in February of a vulnerability in the product that could cause a man in the middle attack, enabling an intruder to insert themselves between the user and the VPN service.
Avast has released an Android version of Avast Secure Browser to extend its platform support beyond Windows and Mac on desktop to mobile. Avast Secure Browser for Android was developed following Avast's 2019 acquisition of Tenta, a private browser backed by Blockchain pioneers ConsenSys, and has been built from the ground up by privacy and cybersecurity engineers focused on total encryption.